I will gather here all the machines that I found online (excluding machines on HTB, VulnHub and etc) that are vulnerable by design for training purposes.

Credit to H4x0r101 for the inital list: https://medium.com/@h4x0r101/damn-vulnerable-applications-c4e286832147

Web Application: https://github.com/ethicalhack3r/DVWA

Web Applications: https://github.com/s4n7h0/xvwa

Word Press: https://github.com/vianasw/dvwps

Node JS: https://github.com/appsecco/dvna

Web Sockets: https://hub.docker.com/r/tssoffsec/dvws/

Python: https://github.com/anxolerd/dvpwa

Multiple vulnerable webapps: https://www.vulnhub.com/entry/lab26-11%2C190/

OWASP Juice Shop: https://github.com/bkimminich/juice-shop

Ruby: https://github.com/cktricky/railsgoat

Lesser Known Web Attack Lab: https://github.com/weev3/LKWA

over 50+ examples of vulnerabilities and guides for specific attacks: https://github.com/blabla1337/skf-labs

NotSoCereal-Lab: A Deserialization exploit playground: https://github.com/NotSoSecure/NotSoCereal-Lab

Web Service: https://github.com/snoopysecurity/dvws

API: https://github.com/payatu/Tiredful-API/

API: https://github.com/OWASP/crAPI

websheep - API: https://github.com/marmicode/websheep

SSO: https://github.com/0xbharath/vulnerable-sso

Hadoop: https://github.com/wavestone-cdt/hadoop-attack-library/tree/master/Tools%20Techniques%20and%20Procedures/Setting%20up%20an%20Hadoop%20attack%20environment

GraphQL: https://github.com/david3107/graphql-security-labs

Ouath2: https://github.com/koenbuyens/Vulnerable-OAuth-2.0-Applications

Source Code: https://github.com/h4x0r101/Damn-Vulnerable-Source-Code

Damn Vulnerable C Program : https://github.com/hardik05/Damn_Vulnerable_C_Program

Terraform : https://github.com/bridgecrewio/terragoat

Thick Client Application: https://github.com/secvulture/dvta

Java EE: https://github.com/appsecco/dvja

NetSPI BetaFast: https://github.com/NetSPI/BetaFast

iOS Swift: https://github.com/prateek147/DVIA-v2

iOS: https://github.com/prateek147/DVIA

Android: https://github.com/payatu/diva-android

Android: https://hakin9.org/evabs-extremely-vulnerable-android-labs/

Hybrid Mobile Application: https://github.com/logicalhacking/DVHMA

iOS CTF: https://ivrodriguez.com/mobile-ctf/

iOS iGoat: https://github.com/OWASP/igoat

Crypto Wallet : https://gitlab.com/badbounty/dvcw

Wallet : https://github.com/genecyber/Damn-Vulnerable-Wallet-App

Block Chain : https://github.com/subashsn/dvba

Cryptoomg: https://github.com/SpiderLabs/CryptOMG/blob/master/README.txt

Linux : https://www.vulnhub.com/series/damn-vulnerable-linux-dvl,1/

Linux PrivEsc : https://in.security/lin-security-practise-your-linux-privilege-escalation-foo/

Windows : https://sourceforge.net/projects/dawn-vulnerability-windows/

Device Driver : https://github.com/pwk4m1/Damn_Vulnerable_Device_Driver

Breakout: https://github.com/FuzzySecurity/DefCon24

MemLabs: https://github.com/stuxnet999/MemLabs/blob/master/README.md

Cloud Application: https://github.com/m6a-UdS/dvca

Cloud App (AWS): https://github.com/RhinoSecurityLabs/cloudgoat

Function-as-a-service (AWS Lambda): https://github.com/we45/DVFaaS-Damn-Vulnerable-Functions-as-a-Service

Serverless Application: https://github.com/OWASP/DVSA

Kubernetes: https://www.bustakube.com/

Kubernetes Goat: https://github.com/madhuakula/kubernetes-goat

CloudGoat 2 (AWS): https://github.com/RhinoSecurityLabs/cloudgoat

GCP Goat: https://gcpgoat.joshuajebaraj.com/about.html

Azure WebGoat: https://github.com/XMCyber/XMGoat

CI/CD-Goat : https://github.com/cider-security-research/cicd-goat

AWSGoat : https://github.com/ine-labs/AWSGoat

AzureGoat :https://github.com/ine-labs/AzureGoat

IoT: https://github.com/Vulcainreo/DVID

Router: https://github.com/praetorian-code/DVRF

Safe: https://insinuator.net/2016/01/damn-vulnerable-safe/

ICS: https://github.com/ITI/ICS-Security-Tools/tree/master/tools/simulation

SCADA: https://www.slideshare.net/phdays/damn-vulnerable-chemical-process

PI: https://whitedome.com.au/re4son/sticky-fingers-dv-pi/

PI2: http://raspwn.org/

SS7 Network: https://www.blackhat.com/asia-17/arsenal.html#damn-vulnerable-ss7-network

VoIP: https://www.vulnhub.com/entry/hacklab-vulnvoip,40/

WiFi: https://github.com/sensepost/shinai-fi

WiFi2: http://solstice.sh/workshops/advanced-wireless-attacks/

Bluetoothh: https://github.com/hackgnar/ble_ctf/blob/master/README.md

in.security: https://in.security/password-cracking-ctf/

https://www.amanhardikar.com/mindmaps/Practice.html

https://github.com/WazeHell/vulnerable-AD